From Oracle Linux 5 Security Technical Implementation Guide
Part of GEN000000-LNX00600
Associated with: CCI-000225 CCI-000366
If an unauthorized user has been granted privileged access while logged in at the console, the security posture of a system could be greatly compromised. Additionally, such a situation could deny legitimate root access from another terminal.
Ensure the pam_console.so module is not configured in any files in /etc/pam.d by: # cd /etc/pam.d # grep pam_console.so * Or # ls -la /etc/security/console.perms If either the pam_console.so entry or the file /etc/security/console.perms is found then this is a finding.
Configure PAM to not grant sole access of administrative privileges to the first user logged in at the console. Identify any instances of pam_console. # cd /etc/pam.d # grep pam_console.so * For any files containing an un-commented reference to pam_console.so, edit the file and remove or comment out the reference. Remove the console.perms file if it exists: # rm /etc/security/console.perms
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer